
Trojan Horse Win32/PEPatch.AO

I need some guidance. Here is the story:
Win XP 'puter
missing the explorer.exe file due to ....??? It was causing me to only see the wallpaper at startup. NO icons, NO task bar. This was rectified. I now have full access to the desktop and task bar. (Thanks to Nihil and others on the Operating system topic area.)
System is running AVG 8.0.
Now for the problem. AVG is detecting the above trojan in resident shield scan but it is always attached to a valid process. AVG only gives me the option to Ignore it also. I have run Spybot S&D, Malwarebytes Malware scan, AVG, and Hijackthis.
Spybot and MWB both caught things but did not solve the problem.
I thought of this afterwards and did not try it. But, every time I would run a different virus/*ware scan, the AVG resident shield would detect the trojan. Every time it would only allow me to ignore. Every time it was attached to a valid process (in each case, the process was the virus/*ware scanner that I was running at the time). If I disable the Resident shield, then run the scans, will that clear it? Or am I dealing with a special case? I cannot seem to find much info on it.
Thanks in advance for the help.
Len Q.

edit #2 - disable System Restore and empty ALL temp folders (you may need
to toggle Folder Options to make some visible). Also search for any recently
datestamped .exe's, .tmp's, .dll's and .~'s (null) files. Delete those, backup
if necessary.

In safe mode the interactive scan should be turned off by default. You should only be scanning with one tool at a time for best results.

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
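
The advice above to search for recently datestamped .exe, .tmp, .dll and .~ files can be done as a read-only listing, so the candidates can be reviewed and backed up before anything is deleted. This is an added example, not part of the original thread; the 14-day window, the function names, and reading ".~" as "extension begins with .~" are assumptions of the example.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

# Extensions named in the post; treating ".~" as "extension starts with .~"
# is this example's assumption.
SUSPECT_EXTS = {".exe", ".tmp", ".dll"}

def is_suspect(path: Path) -> bool:
    ext = path.suffix.lower()
    return ext in SUSPECT_EXTS or ext.startswith(".~")

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def recent_suspects(roots, days=14, now=None):
    """List matching files modified in the last `days` days, newest first.
    Read-only: nothing is deleted, so the list can be reviewed and backed up."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                p = Path(dirpath) / name
                try:
                    st = p.stat()
                    if is_suspect(p) and st.st_mtime >= cutoff:
                        hits.append({"path": str(p), "mtime": st.st_mtime,
                                     "size": st.st_size, "sha256": sha256_of(p)})
                except OSError:
                    continue  # locked or vanished file: skip, keep scanning
    return sorted(hits, key=lambda h: h["mtime"], reverse=True)

def demo():
    """Constructed sample tree: two recent hits, one old DLL, one text file."""
    with tempfile.TemporaryDirectory() as d:
        now = time.time()
        for name, age_days in [("a.exe", 1), ("b.~mp", 3), ("old.dll", 90), ("note.txt", 1)]:
            f = Path(d) / name
            f.write_bytes(b"constructed sample")
            os.utime(f, (now - age_days * 86400,) * 2)
        return [Path(h["path"]).name for h in recent_suspects([d], days=14, now=now)]
```

On a real machine, pass the temp and profile folders to `recent_suspects`; the SHA-256 column lets each file be checked against a second scanner before removal.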

Yes, I have a copy of the install disk. I ran:
sfc /scannow
This is the first time I have run this program. Is something supposed to happen afterward? It ran but I did not see any change or difference. No additional windows popped up or anything.
I will do what brokencrow suggests and let everyone know.
nihil, I will also try ccleaner and emisoft to see what happens.

All you would expect to see is a progress bar. If you don't get that you can make a registry amendment:

When you run scannow at logon you do not get a progress bar... This can easily be remedied by adding a new DWORD: SFCShowProgress to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The values available are: 0 = disabled, 1 = enabled

It still works with or without the progress bar

I would also think about downloading and installing SP3.


Going from bad to worse. Finally got back to this computer. Someone turned it off and now it will not even boot. It keeps restarting right after the Windows XP screen. They are just going to buy a new one at this time. They want a laptop anyway.
Still going to try to clean this one up though. install disk, repair, etc. We shall see what happens.
Len

I agree. You have been fighting this thing for quite some time now... I realize a reformat/reinstall can take a few hours, but that is nothing compared to the time you have invested/will invest in this.

"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

Very true. When you are dealing with a trojan or badly infected machine then a reinstallation is the preferred method.

I generally use DBAN (Darik's Boot & Nuke) or Eraser to do a one pass wipe (Vista will do this with a full format) before re-installation.

You might also look at creating a slipstreamed CD/DVD of the OS to save having to download service packs and updates. Try nLite or vLite.


Going from bad to worse. Finally got back to this computer. Someone turned it off and now it will not even boot. It keeps restarting right after the Windows XP screen.

Sounds like it's got hardware issues too. It's not unusual to run into
3-4-5-year-old PCs that haven't been serviced and come in with numerous
issues. We used to call that restarting 'rolling reboots' and most often
fixed it by running "chkdsk /r c:" from the command prompt. Might
give that a try if you're desperate enough.